# Copy this file to /etc/certidude/template.ovpn and customize gateway IP addresses
# Run as client
client # tls-client; pull
nobind
# OpenVPN gateway(s), uncomment remote-random to load balance
comp-lzo
proto udp
{% if servers %}
remote-random
{% for server in servers %}
remote {{ server }} 51900
{% endfor %}
{% else %}
remote 1.2.3.4 1194
{% endif %}
# Virtual network interface settings
dev tun
persist-tun
# Customize crypto settings
;tls-version-min 1.2
;tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
;cipher AES-256-CBC
;auth SHA384
# Check that server presented certificate has TLS Server flag present
remote-cert-tls server
# X.509 business
persist-key
{{ca}}
{{key}}
{{cert}}
# Revocation list
# Tunnelblick doens't handle inlined CRL
# hard to update as well
;
;
# Pre-shared key for extra layer of security
;
;